Laptop Dark Background

By now you’ve likely heard of VPNs, the services that encrypt your internet connection and route all the traffic going to and from a device through a remote server. The vast majority of commercial Virtual Private Network providers enable users to connect to those servers using an app installed on a desktop or smartphone. Once connected to the VPN server using the app, users harden their online security, improve privacy, bypass censorship, unblock geo-locked content, and more. For these reasons, VPN Native Apps have become very popular in recent years.

A popular emerging alternative to installing a native VPN app is to use a proxy browser extension. Proxy plugins and extensions for Chrome, Firefox, and other browsers claim to achieve the same benefits as a VPN, and some even go so far as even label themselves as VPNs. After all, they hide your IP address and (hopefully) use encryption to secure the connection. And unlike native apps, they often don’t require registration or installation on the operating system.

But be warned: proxy browser extensions are not the same as native VPN apps, even if they have “VPN” in the title. In short, most VPN browser extensions are just proxies, not VPNs. In this article, we’ll explain the difference and when you should use one over the other.

Where VPN browser extensions fall short

In your search for a VPN browser extension, names like Hotspot Shield, Hola, DotVPN, and ZenMate will likely cross your path. While some of these companies do offer real VPN services, their browser plugins don’t provide the full benefits of a real VPN.

Protection only extends to your browser

In reality, these extensions are HTTP or HTTPS proxies, not VPNs. That means they only protect traffic going to and from your web browser. If you have any other apps you wish to tunnel through the VPN, you’ll need a native VPN app installed on your machine. That includes apps like Steam, Spotify, Popcorn Time, Outlook, Skype, and SpiderOak One Backup.

Data leaks

DNS, IPv6, and WebRTC leaks occur when some data is inadvertently sent outside of the encrypted VPN tunnel. These leaks could allow a website or your ISP to see your real IP address, location, and/or browsing history.

The vast majority of standalone proxy browser extensions cannot prevent all these leaks from occurring. Granted, many native VPN apps struggle with these leaks as well, but quality paid providers have plugged them.

Can’t bypass anti-proxy firewalls

Many apps and websites that stream geo-locked content, such as Netflix, prevent users from streaming through any sort of proxy. Their aim is to prevent overseas viewers from watching content that the site or app isn’t licensed to stream in a particular country or region. Only a handful of VPNs work with Netflix and can bypass similar firewalls using their native apps.

Browser extensions are almost certainly a dead end. They lack the leak protection mentioned above, so there’s a higher chance a website can see the user’s real location and block them accordingly.

For the same reasons, browser extensions will often encounter problems when attempting to bypass government-imposed censorship in countries like China, Iran, and the UAE. Because DNS requests are not sent through the proxy with the rest of the browser traffic, internet police can still block websites using a tactic called DNS spoofing (a.k.a. DNS tampering, DNS poisoning, or DNS hijacking).

Vulnerable to attack

Traditional VPN apps rely on a trust model that authenticates both the client and the server before data starts passing through. Browser extension VPNs allow anyone to connect from anywhere without authentication, which opens them up to man-in-the-middle attacks. Keyloggers and remote management tools are also cause for concern.

Many proxy extensions use no encryption at all or use deprecated encryption standards, meaning they effectively provide no protection from snoopers.

Beware the “free” model

The majority of VPN browser extensions you’ll find online are free. But don’t be fooled; these are not charities. As with any so-called free VPN, chances are user data is at risk. Free providers often gather users’ browsing data, inject tracking cookies into browsers, and/or insert advertisements into web browsers to make money. Some even carry malware payloads or forcefully redirect users to affiliate sites.

Hola is perhaps the most notable example of unscrupulous behavior by a provider. The browser extension uses a peer-to-peer model in lieu of centralized servers. At one point, the company hijacked the idle bandwidth on its users’ computers to launch DDoS attacks on websites.

When to use a proxy browser extension

Browser extensions are not entirely without benefit. They can accomplish a handful of things that a native VPN app cannot, and users on certain devices might find them preferable.

Chromebook users, for example, often cannot install native VPN apps. Given a choice between a tailor-made proxy extension and manually configuring dozens of servers, the former is far less tedious. And because everything in Chrome OS happens inside the Chrome browser, using an extension is not an altogether bad approach.

Extensions can also add other protections not found in native VPN apps:

  • Windscribe’s extension can block ads and trackers, rotate the user agent, delete third-party cookies when the browser is closed, remove social media buttons, and spoof the time zone to match the location of the proxy server.
  • ExpressVPN’s browser extension scrambles Chrome’s geo-location API to make your supposed whereabouts more convincing.
  • NordVPN’s browser extension protects against DNS and WebRTC leaks.

These are just a few examples. Note those three providers all offer paid VPN services in addition to their proxy extensions and in some cases encourage users to employ both simultaneously for additional protection. ExpressVPN’s browser extension is actually just a controller for the native VPN app and won’t function on its own.

If you only plan on browsing the web and don’t need to bypass any anti-proxy firewalls, a proxy browser extension might be enough to suit your needs. If you insist on using a browser extension, at least get one that prevents DNS leaks. If you want more complete protection and unblocking capabilities for all the applications and services on your device, go with a paid VPN provider that offers a good native app.